Microsoft has released security updates for November 2023. This month's patches include security updates for five zero-day vulnerabilities, three of which are exploited in attacks.
An attacker who successfully exploits the elevation of privilege vulnerability in Windows Cloud Files Mini Filter gains SYSTEM privileges.
It is not known how the flaw was abused in attacks or by what threat actor.
Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM.
Microsoft has fixed an actively exploited Windows SmartScreen flaw that allows a malicious Internet Shortcut to bypass security checks and warnings.
How the vulnerability can be exploited:
Exploiting this vulnerability will bypass the protected mode when opening a file received via the web.
A denial of service vulnerability in ASP.NET Core.
An attacker could exploit this vulnerability in Windows Pragmatic General Multicast (PGM) by sending a specially crafted file over the network, potentially allowing them to execute malicious code remotely on the targeted machine.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
A successful attack could be performed from a low-privilege Hyper-V guest. The attacker could traverse the guest’s security boundary to execute code on the Hyper-V host execution environment.
An attacker who successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.
Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions.
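A check for the Azure CLI remediation above, as an added example that is not Microsoft's code: it parses the JSON printed by `az version` and compares the `azure-cli` field numerically against 2.53.1. The machine names and captured outputs in `SAMPLE` are constructed sample data.

```python
import json

MIN_PATCHED = (2, 53, 1)  # minimum fixed Azure CLI version stated in the advisory


def parse_version(text):
    """Turn '2.53.1' into (2, 53, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def cli_status(az_version_json):
    """Classify one captured `az version` output as patched/vulnerable/unknown."""
    try:
        reported = json.loads(az_version_json)["azure-cli"]
        version = parse_version(reported)
    except (ValueError, KeyError, TypeError, AttributeError):
        return "unknown"  # unparseable output needs manual review
    # Tuple comparison is numeric per component, so 2.9.0 < 2.53.1 is handled
    # correctly (a plain string comparison would rank "2.9.0" above "2.53.1").
    return "patched" if version >= MIN_PATCHED else "vulnerable"


def audit(captured):
    """Return (name, status) pairs for every machine, worst status first."""
    order = {"vulnerable": 0, "unknown": 1, "patched": 2}
    results = {name: cli_status(out) for name, out in captured.items()}
    return sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0]))


# Constructed sample inventory: machine name -> stdout of `az version` there.
SAMPLE = {
    "build-agent-01": '{"azure-cli": "2.53.0", "azure-cli-core": "2.53.0", "extensions": {}}',
    "build-agent-02": '{"azure-cli": "2.53.1", "azure-cli-core": "2.53.1", "extensions": {}}',
    "dev-laptop-07": '{"azure-cli": "2.9.0", "azure-cli-core": "2.9.0", "extensions": {}}',
    "ci-runner-03": "az: command not found",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{status:<10} {name}")
```

A "patched" result covers only the installed CLI; log files already created by the affected commands through Azure DevOps and/or GitHub Actions remain in scope, as stated above.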
We recommend installing the security patches as soon as possible.